ISO 11568-1:2005 pdf free

ISO 11568-1:2005. Banking - Key management (retail) - Principles
Messages and transactions in a retail banking system contain both cardholder sensitive data and related financial information. The use of cryptography to protect this data reduces the risk of financial loss by fraud, maintains the integrity and confidentiality of the systems, and instils user confidence in business provider/retailer relationships. To this end, system security shall be incorporated into the total system design.
The maintenance of security and system procedures over the keys in such systems is called key management.
The level of security to be achieved needs to be related to a number of factors, including the sensitivity of the data concerned and the likelihood that it will be intercepted; the practicality of any envisaged encipherment process; and the cost of providing (and breaking) a particular means of security. It is therefore necessary for communicating parties to agree on the key management procedures and extent and detail of security as specified in ISO 13491 (all parts).
The primary objectives of key management are to provide those keys needed to perform the required cryptographic operations and to control the use of those keys. Key management also ensures that those keys are protected adequately during their life cycle. The security objectives of key management are to minimize the opportunity for a breach of security, to minimize the consequences or damages of a security breach, and to maximize the probability of detection of any illicit access or change to keys that may occur, despite preventive measures. This applies to all stages of the generation, distribution, storage, use and archiving of keys, including those processes that occur in cryptographic equipment and those related to communication of cryptographic keys between communicating parties.
NOTE This part of ISO 11568 covers the above issues. Total system security also includes such issues as protecting communications, data processing systems, equipment and facilities.
